Vulnerability Details: CVE-2007-5334
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.
Exploit prediction scoring system (EPSS) score for CVE-2007-5334
Probability of exploitation activity in the next 30 days: 0.80%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 %
CVSS scores for CVE-2007-5334
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2007-5334
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5334
- http://www.kb.cert.org/vuls/id/349217 (US Government Resource)
- http://www.securityfocus.com/archive/1/482925/100/0/threaded
- http://www.redhat.com/support/errata/RHSA-2007-0979.html
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
- http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
- http://www.vupen.com/english/advisories/2008/0083
- http://www.debian.org/security/2007/dsa-1396
- http://www.securityfocus.com/archive/1/482876/100/200/threaded
- http://www.redhat.com/support/errata/RHSA-2007-0980.html
- http://securitytracker.com/id?1018837
- http://www.redhat.com/support/errata/RHSA-2007-0981.html
- http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
- http://www.debian.org/security/2007/dsa-1392
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37286
- http://www.securityfocus.com/archive/1/482932/100/200/threaded
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11482
- http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
- https://issues.rpath.com/browse/RPL-1858
- http://www.ubuntu.com/usn/usn-536-1
- http://www.vupen.com/english/advisories/2007/3587
- http://www.vupen.com/english/advisories/2007/3544
- http://www.mozilla.org/security/announce/2007/mfsa2007-33.html (Patch)
- https://usn.ubuntu.com/535-1/
- http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
- http://www.securityfocus.com/bid/26132
- http://www.debian.org/security/2007/dsa-1401
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=391043
Products affected by CVE-2007-5334
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*